All packed up & ready for your enjoyment: PHP Source Auditor 4! So, if you have (most likely) never heard of it, this is the deal:

PSA4 is a Perl script that connects to your local webhost and scans all files (recursively) in the www root, for vulnerabilities. It scans for:

1. Remote File Inclusion
2. Remote Command Execution
3. Remote Code Execution
4. Cross Site Scripting
5. SQL injection (very weak scanning on this though)
6. Local File Inclusion (results sometimes get buggy)

The difference with other scanners is, it actually can tell whether the script is vulnerable or not since it exploits it on the fly by entering weird data into the variables. You can download it right here and (for now) nowhere else :).

No, I'm not talking about ironing cloths, more talking about my very own algorithm. It's not that special and seems to produce a lot of duplicates, and is quite reversable (credits to sraeG for reversing it in a challenge). I might write a completely new one, more advanced maybe. Source code is in PHP:

function iron($nr,$method = 'numeric')
{
$chrs = preg_split('//', $nr, -1, PREG_SPLIT_NO_EMPTY);
$d = '';
foreach($chrs as $c)
{
if(substr($d,-2,2) == round(ord($c)/2))
{
$d .= round(ord($c)/2)*round(ord($c)/2);
}
else
{
$d .= round(ord($c)/2);
}
}
switch($method)
{
case 'ascii':
$char = '';
for($i = strlen($d); $i > 0; $i -= 2)
{
$char .= chr(substr($d,-$i,2));
}
break;
default:
$char = $d;
break;

}
return $char;
}

Usage is as simple as iron("string","ASCII") for ASCII output (recommended only if you hash it with another algorithm after) or iron("string","numeric") for the normal numeric output. Online hasher is here.

The old music search page was kind of annoying, after entering a search term the next job was to actually find a working link. Our new page uses a huge database of known links that work. Because of the size of the new database, querying it can take a few seconds, but once queried it'll deliver you a nice set of working links!

The programming stage has finished only a few minutes ago, r0bin is now working on the design. Expect a release in a few hours!

edit: released!

Lots of PHP source codes are encrypted, for a number of reasons. A method to do this is to gzdeflate(<code>) in PHP, so it gets encrypted with the DEFLATE algorithm. Sometimes other methods of encryption are used, think of base64. I have written a tool (originally for personal use but I figured more people could use it) that decrypts this code automaticly online, instead of having to write a PHP script each time you want to decrypt some piece of code. Check it out here.

Some features have been added to the RandomBase homepage, such as the hover effect for the 'projects' buttons. I'm also considering permanently adding a live users online feature, that is automaticly updated, which gives a nice dynamic feel. To test this out, just go to randombase.com, press F5 or "refresh" in your browser to make sure the cached Javascript files are also updated. Now enter this in your URL window:

javascript:liveUsersOnline()

And some text will be added next to the menu, just a fun toy. The current refresh rate is five seconds. An other change is the changed urls for some links, like the affiliate buttons. It is no longer just the plain url but:

track.php?continue=<url>

Don't worry - we're not sending personal data; it's just a method for us to track the amount of clicks sent to a link, to get an idea about the popularity. And a last not-so-major-change is the news archive url, no longer ?histpage=1337 but /history/page/1337, just for SEO purposes. I'd probally need to change the track url too for SEO purposes then.

Remember my post about stopping comment spammers with Javascript? It has proven to be a very reliable method as long as you make sure to change the data that is generated with Javascript from site to site. A little example of only today from "spam that didn't quite make it":

[root@rbox /]# cat /var/log/randombase.com.log|grep "POST /news"
87.255.64.233 - - [19/Apr/2008:01:18:31 -0500] "POST /news/33 HTTP/1.1" 200 8922 "-" "-"
87.255.64.233 - - [19/Apr/2008:01:18:35 -0500] "POST /news/33 HTTP/1.1" 200 8922 "-" "-"
83.247.31.93 - - [19/Apr/2008:02:12:29 -0500] "POST /news/33 HTTP/1.0" 200 8811 "-" "-"
83.247.31.93 - - [19/Apr/2008:02:12:31 -0500] "POST /news/33 HTTP/1.0" 200 8811 "-" "-"
85.232.230.225 - - [19/Apr/2008:03:10:46 -0500] "POST /news/33 HTTP/1.1" 200 8924 "-" "-"
85.232.230.225 - - [19/Apr/2008:03:10:48 -0500] "POST /news/33 HTTP/1.1" 200 8924 "-" "-"

In this case it is clear they tried to spam us, no useragent nor referer set.

Downtime sucks, moving sucks. I am still fixing up all the bad coded parts of randombase and subprojects to fit nicely onto the new server, but one script happens to be more annoying to 'port' than the other. Perlforums for example is full of errors, which I really don't understand since the server environment itself hasn't changed that much, we changed only some directory structures to be easier for editing and adding stuff. Also, lots of people experience DNS troubles but that's only a matter of time, luckily.

Glad to be back though!

I have had quite a busy weekend, on programming side that is. I'm currently working on a brand-new project in a niche that I am extremely unfamiliar in, being everything that children to adolescents should like. When the project is finished it will probally appear in my portfolio. The work I'm doing for it will be mainly coding as usual, at the moment I'm working on an upload menu with a Wordpress admin frontend to approve/disapprove images. A blurred screenshot of it can be found below.

Are you fond of proxies? Then check out RB proxy and IW proxy. I realise 'ironwarez' doesn't have much to do with proxies, but it is an old domain name that I had to put to use somehow, no? These lists are both (magically) updated at different times from different sources, roughly each 24 hours.

If you ever wonder what to do when your internet access has been limited to 16 kbps and you only have your localhost server: write useless Javascript/PHP applications! To begin with, there is the most important script called the Carehat generator (source). And a good second is this script where you have exactly thousand little blocks to show your artistic talent! My own artistic talent doesn't go much further than a lame smiley, sad.